Group 3: Cabansay, Kenneth; Elago, Regine; Laurenciano, Jelyn; Sembrano, Jessica; Sison, Ronna; Tiongco, Fernando III; Dimzon, Shedrick. BSIT 3Y2-3. End-to-End Network Access Protection.

Networking: Firewall

Dec 14, 2014


Regine Elago

Our Report in IT422: Firewall
Transcript
Page 1: Networking: Firewall

Group 3
Cabansay, Kenneth
Elago, Regine
Laurenciano, Jelyn
Sembrano, Jessica
Sison, Ronna
Tiongco, Fernando III
Dimzon, Shedrick

BSIT 3Y2-3

End-to-End Network Access Protection

Page 2: Networking: Firewall

A firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two.

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

The firewall is part of an overall security policy that creates a perimeter defense designed to protect the information resources of the organization.

Page 3: Networking: Firewall

• Provides a single choke point
• Monitors security-related events (audit, log)
• Provides protection from attacks
• Provides strong authentication for access control purposes

Page 4: Networking: Firewall

A firewall cannot:
• Protect against attacks that bypass the firewall
◦ Dial-out from an internal host to an ISP
• Protect against internal threats
◦ Disgruntled employee
◦ Insider cooperates with an external attacker
• Protect against the transfer of virus-infected programs or files

Page 5: Networking: Firewall

A firewall denies or permits access based on policies and rules.

Page 6: Networking: Firewall
Page 7: Networking: Firewall

They may be classified into four categories:
• Packet Filtering Firewalls
• Stateful Inspection Firewalls
• Circuit Level Gateways
• Application Level Gateways

These technologies operate at different levels of detail, providing varying degrees of network access protection.

Page 8: Networking: Firewall

• Decisions are made on a per-packet basis
• Works at the network level of the OSI model
• Set up as a list of rules based on matches to fields in the IP or TCP header
• Applies packet filters based on access rules defined by the following parameters:
◦ Source address
◦ Destination address
◦ Application or protocol/next header (TCP, UDP, etc.)
◦ Source port number
◦ Destination port number

Page 9: Networking: Firewall
Page 10: Networking: Firewall

Every ruleset is followed by an implicit rule reading like this.

Page 11: Networking: Firewall

Example 1: Suppose we want to allow inbound mail (SMTP, port 25) but only to our gateway machine. Also suppose that mail from some particular site SPIGOT is to be blocked.

Solution:
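The packet-filter rule parameters from page 8, the implicit final rule from page 10 and Example 1 above can be put together in a small first-match filter. The code below is an added example written for this transcript, not part of the slides: the host names OUR-GW and SPIGOT come from the example, but their IP addresses (documentation ranges), the Packet and Rule classes and the function names are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample addresses. OUR-GW and SPIGOT are the host names the slide uses;
# the IP addresses below are documentation ranges chosen for this example.
OUR_GW = "192.0.2.25"       # our mail gateway
SPIGOT = "198.51.100.7"     # the site whose mail must be blocked
ANY = None                  # wildcard in a rule field


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (page 8)."""
    src: str
    dst: str
    proto: str      # "tcp" or "udp" (the IP next-header field)
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: Optional[str] = ANY
    dst: Optional[str] = ANY
    proto: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst), (self.proto, p.proto),
                 (self.sport, p.sport), (self.dport, p.dport))
        return all(want is ANY or want == have for want, have in pairs)


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, int]:
    """First-match evaluation. Returns (action, index of the matching rule);
    index -1 means the implicit deny at the end of the ruleset fired."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", -1       # the implicit rule every ruleset is followed by


# Example 1 as a ruleset. The SPIGOT block is listed first: with first-match
# evaluation, putting the allow rule first would let SPIGOT's mail through.
EXAMPLE1_RULES = [
    Rule("deny", src=SPIGOT),
    Rule("allow", dst=OUR_GW, proto="tcp", dport=25),
]


def decide_example1(p: Packet) -> str:
    return filter_packet(EXAMPLE1_RULES, p)[0]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.9", OUR_GW, "tcp", 40000, 25),        # mail to gateway: allow
        Packet(SPIGOT, OUR_GW, "tcp", 40000, 25),               # mail from SPIGOT: deny
        Packet("203.0.113.9", "192.0.2.10", "tcp", 40000, 25),  # mail to another host: implicit deny
        Packet("203.0.113.9", OUR_GW, "tcp", 40000, 80),        # not SMTP: implicit deny
    ]
    for s in samples:
        print(s, "->", filter_packet(EXAMPLE1_RULES, s))
```

Rule order is the point to check when reviewing a ruleset like this: the filter stops at the first match, so a broad allow placed above a narrow deny silently disables the deny, and anything no rule mentions falls through to the implicit deny.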

Page 12: Networking: Firewall
Page 13: Networking: Firewall

Most standard applications that run on top of TCP follow the client-server model.
• Creates a directory of outbound TCP connections
◦ An entry for each currently established connection
• Reviews the same packet information as a packet filtering firewall, but also records information about TCP connections
• Can keep track of TCP sequence numbers

Page 14: Networking: Firewall

• In general, when an application that uses TCP creates a session with a remote host, it creates a TCP connection in which the TCP port number for the remote (server) application is a number less than 1024 and the TCP port number for the local (client) application is a number between 1024 and 16383.
• The numbers less than 1024 are the well-known port numbers and are assigned permanently to particular applications.
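Pages 13 and 14 together describe what a stateful inspection firewall actually records: a directory of outbound connections keyed by the client/server address and port pair, with the expected sequence numbers tracked so that only replies to a connection an inside host opened are let back in. The following is an added example, not code from the slides; the addresses, the 10.0.0.0/8 "internal" prefix, the sequence-number window and the class names are this example's own assumptions, and it enforces the port ranges stated on page 14 as policy.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Port ranges as stated on page 14: servers listen on well-known ports (< 1024),
# clients use 1024..16383 for their side of the connection.
WELL_KNOWN_MAX = 1023
CLIENT_PORTS = range(1024, 16384)
SEQ_WINDOW = 65535          # tolerance for retransmission / reordering (constructed policy value)


@dataclass(frozen=True)
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}
    seq: int
    ack: int = 0
    length: int = 0         # payload bytes carried


@dataclass
class Entry:
    """One row of the connection directory: what we expect next from each side."""
    client_next: int                    # next sequence number expected from the internal client
    server_next: Optional[int] = None   # next sequence number expected from the external server
    state: str = "SYN_SENT"


def _in_window(seq: int, expected: int) -> bool:
    return expected - SEQ_WINDOW <= seq <= expected + SEQ_WINDOW


class StatefulInspector:
    def __init__(self, internal_prefix: str):
        self.internal_prefix = internal_prefix
        # (client_ip, client_port, server_ip, server_port) -> Entry
        self.directory: Dict[Tuple[str, int, str, int], Entry] = {}

    def _internal(self, ip: str) -> bool:
        return ip.startswith(self.internal_prefix)

    def inspect(self, p: TcpPacket) -> str:
        if self._internal(p.src) and not self._internal(p.dst):
            return self._outbound(p)
        if self._internal(p.dst) and not self._internal(p.src):
            return self._inbound(p)
        return "deny"   # not a connection crossing the perimeter

    def _outbound(self, p: TcpPacket) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        if "SYN" in p.flags and "ACK" not in p.flags:
            # New outbound connection: require client -> well-known server port, then record it.
            if p.dport > WELL_KNOWN_MAX or p.sport not in CLIENT_PORTS:
                return "deny"
            self.directory[key] = Entry(client_next=p.seq + 1)
            return "allow"
        entry = self.directory.get(key)
        if entry is None or not _in_window(p.seq, entry.client_next):
            return "deny"
        entry.client_next = max(entry.client_next, p.seq + p.length + ("FIN" in p.flags))
        if entry.state == "SYN_ACK_SEEN" and "ACK" in p.flags:
            entry.state = "ESTABLISHED"
        if "RST" in p.flags:
            del self.directory[key]
        return "allow"

    def _inbound(self, p: TcpPacket) -> str:
        key = (p.dst, p.dport, p.src, p.sport)   # look the reply up under the client's tuple
        entry = self.directory.get(key)
        if entry is None:
            return "deny"   # unsolicited: no internal host asked for this
        if "SYN" in p.flags and "ACK" not in p.flags:
            return "deny"   # an inbound connection attempt, not a reply
        if entry.state == "SYN_SENT":
            if p.flags != frozenset({"SYN", "ACK"}) or p.ack != entry.client_next:
                return "deny"
            entry.server_next = p.seq + 1
            entry.state = "SYN_ACK_SEEN"
            return "allow"
        if entry.server_next is None or not _in_window(p.seq, entry.server_next):
            return "deny"
        entry.server_next = max(entry.server_next, p.seq + p.length + ("FIN" in p.flags))
        if "RST" in p.flags:
            del self.directory[key]
        return "allow"


def demo() -> List[str]:
    """Constructed exchange: internal client 10.0.0.5 talks to web server 203.0.113.80."""
    fw = StatefulInspector("10.0.0.")
    S, SA, A = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    c, s = "10.0.0.5", "203.0.113.80"
    return [
        fw.inspect(TcpPacket(c, s, 1500, 80, S, seq=1000)),                        # handshake 1
        fw.inspect(TcpPacket(s, c, 80, 1500, SA, seq=5000, ack=1001)),             # handshake 2
        fw.inspect(TcpPacket(c, s, 1500, 80, A, seq=1001, ack=5001)),              # handshake 3
        fw.inspect(TcpPacket(c, s, 1500, 80, A, seq=1001, ack=5001, length=20)),   # request
        fw.inspect(TcpPacket(s, c, 80, 1500, A, seq=5001, ack=1021, length=100)),  # response
        fw.inspect(TcpPacket(s, c, 80, 1501, S, seq=1)),                           # unsolicited inbound SYN
        fw.inspect(TcpPacket(s, c, 80, 1500, A, seq=9_000_000, ack=1021)),         # seq far outside window
        fw.inspect(TcpPacket(c, s, 1501, 8080, S, seq=42)),                        # not a well-known server port
    ]
```

The directory is what separates this from the packet filter on page 8: the inbound response on line five is allowed only because the client's SYN created an entry, and the inbound SYN on line six is dropped even though a static "allow port 80" rule could not have distinguished the two.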

Page 15: Networking: Firewall

• Stand-alone system
• Sets up two TCP connections
• The gateway typically relays TCP segments from one connection to the other without examining the contents
• The security function consists of determining which connections will be allowed

Page 16: Networking: Firewall

• Typical use is a situation in which the system administrator trusts the internal users
• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP
• Monitor the TCP handshake between packets to determine whether a requested session is legitimate

Page 17: Networking: Firewall
Page 18: Networking: Firewall
Page 19: Networking: Firewall

• Also called a proxy server
• Acts as a relay of application-level traffic
• Similar to circuit-level gateways except that they are application specific (i.e., tailored to a specific application program)
• Every connection between two networks is made via an application program called a proxy

Page 20: Networking: Firewall

• Connection state is maintained and updated
• Proxies are application or protocol specific
• Only protocols that have specific proxies configured are allowed through the firewall; all other traffic is rejected
◦ E.g., a gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through

Page 21: Networking: Firewall

It filters packets on application data as well as on IP/TCP/UDP fields.

Example: Allow selected internal users to telnet outside.

1. Require all telnet users to telnet through the gateway.

2. For authorized users, the gateway sets up a telnet connection to the destination host and relays data between the two connections.

3. A router filter blocks all telnet connections not originating from the gateway.
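The two application-gateway properties from page 20 (only protocols with a configured proxy pass, and each proxy inspects application data) and the three-step telnet example above can be modelled in one piece. This is an added example for this transcript, not code from the slides: the gateway address, the authorized-user set, the Request class, the proxy functions and the router_filter helper are all this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict

# Constructed values: the gateway's address and the users allowed to telnet out.
GATEWAY_IP = "10.0.0.1"
AUTHORIZED_TELNET_USERS = {"alice", "bob"}
TELNET_PORT = 23


@dataclass(frozen=True)
class Request:
    """What the gateway sees: who asks, which protocol, where to, and the first application data."""
    user: str
    protocol: str    # "telnet", "http", "ftp", ...
    src: str
    dest: str
    data: str = ""


def http_proxy(r: Request) -> bool:
    """Inspect application data: accept only a well-formed HTTP/1.x request line."""
    request_line = r.data.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    return (len(parts) == 3 and parts[0] in {"GET", "HEAD", "POST"}
            and parts[1].startswith("/") and parts[2].startswith("HTTP/1."))


def telnet_proxy(r: Request) -> bool:
    """Step 2 of the example: only authorized users get a relayed telnet session."""
    return r.user in AUTHORIZED_TELNET_USERS


class ApplicationGateway:
    def __init__(self, proxies: Dict[str, Callable[[Request], bool]]):
        self.proxies = proxies   # only the protocols listed here can cross the firewall

    def handle(self, r: Request) -> str:
        proxy = self.proxies.get(r.protocol)
        if proxy is None:
            return "reject: no proxy for " + r.protocol
        if not proxy(r):
            return "reject: " + r.protocol + " inspection failed"
        # The gateway opens its own connection to r.dest and relays between the two.
        return "relay"


def router_filter(src: str, dport: int) -> str:
    """Step 3: the router passes telnet only when the source is the gateway."""
    if dport == TELNET_PORT and src != GATEWAY_IP:
        return "deny"
    return "allow"


def telnet_out(gateway: ApplicationGateway, r: Request) -> str:
    """Full path of the telnet example: user -> gateway proxy -> router filter -> destination."""
    verdict = gateway.handle(r)
    if verdict != "relay":
        return verdict
    # The proxy accepted the session, so the relayed connection leaves from the gateway itself.
    return "relay" if router_filter(GATEWAY_IP, TELNET_PORT) == "allow" else "deny"


WEB_ONLY = ApplicationGateway({"http": http_proxy})            # the web-proxy-only gateway of page 20
TELNET_AND_WEB = ApplicationGateway({"http": http_proxy, "telnet": telnet_proxy})

if __name__ == "__main__":
    print(WEB_ONLY.handle(Request("alice", "ftp", "10.0.0.5", "203.0.113.21")))
    print(telnet_out(TELNET_AND_WEB, Request("alice", "telnet", "10.0.0.5", "203.0.113.21")))
    print(router_filter("10.0.0.5", TELNET_PORT))   # a host bypassing the gateway
```

Note the division of labour: the gateway decides on users and application data, which a router cannot see, while the router's one rule (telnet only from the gateway) is what makes step 1 enforceable rather than a request to users.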

Page 22: Networking: Firewall
Page 23: Networking: Firewall

• All that a firewall can do is to control network activities between OSI levels 2 and 7.
• They cannot keep out data carried inside applications, such as viruses within email messages:
◦ there are just too many ways of encoding data to be able to filter out this kind of threat.
• Although firewalls provide a high level of security in today's private networks to the outside world, we still need the assistance of other related security components in order to guarantee proper network security.